import "crvpuppet"

define at3_security($ethgreen, $domasq=false, $extrarules="") {
  case $domasq {
    true:   {
      exec { setforwarding:
        command => "/sbin/sysctl -w net.ipv4.ip_forward=1",
      }
      exec { setsecurity:
        command => "/usr/bin/system-config-securitylevel-tui --selinux=permissive --enabled --trust=$ethgreen --masq=$ethgreen -q --port=ssh:tcp $extrarules",
        require => Exec["setforwarding"],
      }
    }
    
    false:  { 
      exec { setsecurity:
        command => "/usr/bin/system-config-securitylevel-tui --selinux=permissive --enabled --trust=$ethgreen -q --port=ssh:tcp $extrarules",
      }
    }
  }
}


